On Wed, Oct 9, 2019 at 7:17 PM Paul Walsh wrote:
> We can all agree that almost no user knows the difference between a site
> with a DV cert and a site with an EV cert. I personally came to that
> conclusion years ago. I wanted data, so I asked more than 3,000 people.
> Almost everyone assumed
> On Oct 9, 2019, at 4:21 PM, Ronald Crane via dev-security-policy
> wrote:
>
> On 10/9/2019 3:17 PM, Paul Walsh wrote:
>>> On Oct 9, 2019, at 3:06 PM, Ronald Crane via dev-security-policy
>>> wrote:
>>>
>>> On 10/9/2019 2:24 PM, Paul Walsh via dev-security-policy wrote:
>>> it
> On Oct 9, 2019, at 4:19 PM, Peter Gutmann wrote:
>
> Paul Walsh via dev-security-policy
> writes:
>
>> The data suggests that automatically issued DV certs for free is a favorite
>> for criminals.
>
> True, but that one's just an instance of Sutton's Law, they go for those
> because
All,
I would like to remind everyone about when these requirements for
non-technically-constrained intermediate certificates came into effect
for CAs in Mozilla’s program according to previous versions of Mozilla’s
Root Store Policy[1] and previous CA Communications[2].
February 2013:
I’m sorry for the follow up message - I know we all get too many notifications
already. But I forgot to add that I was the founder and CEO of Segala - the
company referenced on the W3C website that I referred to below.
Sorry about that.
Paul
> On Oct 9, 2019, at 4:17 PM, Paul Walsh wrote:
On 10/9/2019 3:17 PM, Paul Walsh wrote:
On Oct 9, 2019, at 3:06 PM, Ronald Crane via dev-security-policy
wrote:
On 10/9/2019 2:24 PM, Paul Walsh via dev-security-policy wrote:
it indefinitely.
[PW] Here’s the kink Ronald. I agree with you. Mozilla’s decision to implement
DoH is going to
Hi Paul,
Those statements are both hyperbolic representations of others' points of
view.
There are plenty of people who are skeptical about the effectiveness of EV
and its associated UI who nonetheless believe that some sense of
trustworthiness about websites is important. For example, Mozilla
On 10/8/2019 7:04 PM, Paul Walsh via dev-security-policy wrote:
On Oct 2, 2019, at 3:41 PM, Ronald Crane via dev-security-policy
wrote:
On 10/2/2019 3:00 PM, Paul Walsh via dev-security-policy wrote:
On Oct 2, 2019, at 2:52 PM, Ronald Crane via dev-security-policy
wrote:
[snip]
Some
On 10/9/2019 11:02 AM, Paul Walsh via dev-security-policy wrote:
On Oct 9, 2019, at 10:42 AM, Ronald Crane via dev-security-policy
wrote:
On 10/2/2019 3:50 PM, Paul Walsh via dev-security-policy wrote:
[snip]
sɑlesforce[.com] is available for purchase right now.
I was going to suggest
> On Oct 9, 2019, at 10:42 AM, Ronald Crane via dev-security-policy
> wrote:
>
> On 10/2/2019 3:50 PM, Paul Walsh via dev-security-policy wrote:
>
> [snip]
sɑlesforce[.com] is available for purchase right now.
>>> I was going to suggest banning non-Latin-glyph domains, since they are yet
On Oct 9, 2019, at 7:30 AM, Leo Grove via dev-security-policy
wrote:
>
> On Tuesday, October 8, 2019 at 10:36:19 PM UTC-5, Matt Palmer wrote:
>> On Tue, Oct 08, 2019 at 07:16:59PM -0700, Paul Walsh via dev-security-policy
>> wrote:
>>> Why isn’t anyone’s head blowing up over the Let’s Encrypt
On Tuesday, October 8, 2019 at 10:36:19 PM UTC-5, Matt Palmer wrote:
> On Tue, Oct 08, 2019 at 07:16:59PM -0700, Paul Walsh via dev-security-policy
> wrote:
> > Why isn’t anyone’s head blowing up over the Let’s Encrypt stats?
>
> Because those stats don't show anything worth blowing up ones head
12 matches
Mail list logo